Skip to content

@noaaroland noaaroland released this Oct 31, 2018 · 45 commits to master since this release

This release is mostly a preventative maintenance release to insure that all of the jar files have version numbers associated with them. Many libraries were updated in the process.

This also fixes the problems with sending expressions which contained certain characters. For example, the conversion 9/5 * $ + 32 now works from the plot options menu.

Assets 3

@noaaroland noaaroland released this Sep 5, 2018 · 113 commits to master since this release

The only significant change is in the file RequestFilter.java which is responsible for verifying the inputs to LAS. The change eliminates a potential XSS bug whereby JavaScript inserted into certain requests might run in the browser.

The easiest way to upgrade.

Assets 3

@noaaroland noaaroland released this Aug 24, 2018 · 121 commits to master since this release

This release upgrades to the latest Struts 2 library (2.5.17) which addresses a potential vulnerability.

It includes some minor code changes and bug fixes.

If you don't want to upgrade your entire code base replace the file:
WebContent/WEB-INF/lib/struts2-core-2.5.13.jar with struts2-core-2.5.17.jar
and execute
ant clean
ant deploy

to install the changes.

This is 8.6.7 to keep in line with internal and specialized releases.

Assets 3

@noaaroland noaaroland released this Sep 8, 2017 · 376 commits to master since this release

This release is functionally equivalent to the 8.6.x series. The difference here is an upgrade of Struts 2 and a few of the associated support libraries. This version uses Struts 2.5.13 which is the current GA release.

We do not believe that LAS suffers from the XML de-serialization issues that motivated the Struts 2.5.13 release, but we want to keep LAS in step with the Struts library.

Assets 3

@noaaroland noaaroland released this Apr 7, 2017 · 398 commits to master since this release

This release is functionally the same as 8.6. It removes one library which conflicts with the latest versions of Tomcat. It removes the custom serialization policy which is unnecessary for most installations and it does not copy a logging library to the THREDDS webapp which can lead to conflicts when using the latest THREDDS Data Server release (4.6.8).

Assets 3

@noaaroland noaaroland released this Mar 10, 2017 · 406 commits to master since this release

This release upgrades the Struts 2 jars to the latest and greatest. It also updates the Struts 2 dependencies and moves to log4j v2.

This is a security patch release and we recommend you move to this release ASAP.

Assets 3

@noaaroland noaaroland released this Feb 24, 2017 · 422 commits to master since this release

This release further sanitizes the error message returned to include only text supplied by the server and removes any client input from the returned message to remove the potential for cross-site scripting attaches.

Assets 3
You can’t perform that action at this time.